Cyber attacks could have a major impact on the Australian economy, with new research suggesting breaches in major Australian cities could cost the country up to US$16 billion.
According to specialist insurance firm Lloyd’s, because businesses of all sectors and sizes are dependent on digital technology, it is essential that firms now ensure they have appropriate risk mitigation strategies and coverage in place to help them manage a cyber attack, as it is increasingly a case of when – not if – a breach will occur.
A joint Lloyd’s and Cambridge University study has found that of the world’s 301 major cities, Sydney has the 12th most GDP at risk from cyber attack, with $5 billion of GDP at risk from 2015-2025.
“Dealing with the reality of a cyber attack is critical for businesses of all sizes and sectors,” says Lloyd’s global CEO Inga Beale.
“It’s not just for banks to worry about – it impacts retailers, travel and hospitality firms, education and healthcare providers, and any business with proprietary information worth protecting,” she says.
“Where a decade ago people would talk about preventing a cyber attack, the reality is firms will be subjected to attacks. The issue is how you mitigate against that,” Beale says.
“We are living in a world where people carry a globally connected supercomputer in their pocket and almost every important work document is stored in the cloud, on servers or online,” she adds.
“The result is an explosion in the potential for cyber risk.”
Bdeale says the latest series of high profile data breaches is just the beginning.
“With the emergence of the Internet of Things the potential for cyber risk is enormous,” she says.
“This is where insurance can play a critical part. Not only are we there to assist financially, we can also provide advice and assistance on how to manage the risks and respond to them,” says Beale.
“Lloyd’s has seen the amount of cyber insurance being purchased in Australia increase 168-fold (16,828%) in the last two years, as more and more businesses seek to protect their balance sheets from this emerging threat,” she explains.
In the US, regulations have put the onus on businesses to protect their systems and approximately 25% of businesses now have cyber insurance. Such is the emphasis now placed on managing cyber risk in the US that even small businesses take out cyber insurance cover.
Whilst Europe is six or seven years behind the US in this regard, that looks like it is about to change; in 2018, the EU is introducing the General Data Protection Regulation (GDPR). Beale says this will have implications for any Australian business holding European customer data.
“The European Union General Data Protection Regulation means that for the first time any company holding European customer data will be required to disclose data breaches to national data protection authorities and, where warranted, affected individuals,” Beale explains.
“As the risks around us become increasingly man-made, understanding exposures and the impact they will have on the global economy has never been more important for business and governments right across the world,” she says.
Beale says managing cyber threats requires a joint effort between government and businesses to protect the economy and the individuals within it.
“An important part of that is information-sharing. For insurers that is critical, as we need to understand the risk to be able to price it and provide protection,” Beale says.
According to Beale, the Australian Government recently confirmed that “foreign spies” hacked into the Australian Bureau of Meteorology to steal sensitive documents.
“In addition, according to the Australian Cyber Security Centre, government systems were subjected to 1,095 cybersecurity incidents considered serious enough to warrant an operational response in the past 18 months,” she explains.
“A PwC survey last year found a 109% increase in detected security incidents in Australian companies, compared to a 38% global average.”
The Australian Government last week introduced mandatory data breach notification laws into parliament for the fourth time. The proposed legislation requires companies that have been breached and lose personal details, tax file numbers, medical records or credit card information to report the incident and notify affected customers.
According to The Lloyd’s City Risk Index 2015-2025 the global GDP at risk of cyber-attack is A$385 billion.
In Australia, the risk is measured at more than $16 billion spread over our six major cities: